On Thu, 20 Feb 2003, Jon Roberts wrote:
[snip]
> One more thing before I shut up: another problem with Sun's directory
> server is how they handle access control. The ACL's are affixed as
> attributes to the relevant entries. This scatters your access control
> directives all over the database.
Well, depending on your needs, that is either a problem or a feature.
Having ACLs concentrated in a single file is great if one person manages
all access control, but it makes it nearly impossible to distribute access
control authority.
[Dragging the thread somewhat ontopic]
I found OpenLDAP's ACL implementation very strange when I first looked at
it, after becoming used to seeing ACLs attached to the objects themselves
in other products. I still think that organic ACLs are better, but then I
dislike and fear centralized authority. :-/
This discussion should move to ldap@umich.edu .
--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".